ISP port blocking practice

Owen DeLong owen at delong.com
Fri Sep 3 12:00:06 CDT 2010


I have had it happen in some metro areas on sprint. I have experienced it in at least a dozen hotels over the last 12 months. I have run into it in various airports with free public wifi. I have run into the problem in several coffee shops.

By far, the worst offenders are the most expensive hotels where the Internet access, damaged as it is generally goes for $25+ per day. I almost always end up getting free Internet as a result because I report the issue as a problem and their technical support usually can't spell tcp let alone understand what I mean when I say a port is blocked.

Even worse is the ones that silently redirect your smtp (regardless of port) session to their MTA. Fortunately, my configuration is good enough that it just breaks in these cases, but I know many people who thought they were connecting to their own server via TLS only to later discover that their mail was relayed in clear text through several third party servers. (most mua's seem to have an unfortunate default to "ssl or tis if available" and keep right on sending even if tis negotiations are rejected.)

Owen


Sent from my iPad

On Sep 4, 2010, at 12:08 AM, JC Dill <jcdill.lists at gmail.com> wrote:

> Patrick W. Gilmore wrote:
>> On Sep 3, 2010, at 8:22 AM, Owen DeLong wrote:
>>  
>>> On Sep 2, 2010, at 10:41 PM, Franck Martin wrote:
>>> 
>>>    
>>>> Have you heard of the submission port?
>>>> 
>>>>      
>>> Yes... Many of the idiots that block outbound 25 also block outbound 587 and sometimes 465.
>>>    
>> 
>> Could you point to more than one instance?  I've not yet found one.  And I think I spend at least as much time in hotels & 3G & airports & etc. as you anyone else here.
>> 
>>  
> FWIW, I had it happen at a local library.  Used their webform to send a message mentioning that blocking 25 was good, but blocking 587 and 465 was bad.  It took several days but they did fix it.
> 
> jc
> 




More information about the NANOG mailing list